Evergateway Overview
Each gateway ships pre-configured with a discrete, hardened instance of enterprise-grade Linux, including local intrusion countermeasures. Most notably, SSH and other remote connection protocols are disabled. Evergateways are programmed to ignore brute-force inbound connection attempts from all network interfaces.
All gateways are continuously monitored via SaltStack to ensure integrity and confirm process security. Gateways run a combination of well-known Linux tools alongside proprietary software developed by Everactive. These gateways are commissioned with the explicit purpose of monitoring Everactive sensors. Rogue processes can be remotely audited and canceled by the Everactive Network Operations team.
Local data handling
In rare cases, if cloud access is interrupted, data may be stored locally. Stored data will be forwarded to the cloud automatically when network accessibility returns.
Backhaul
The primary method of communication, unless specified by the customer, is an integrated 4G LTE modem. This limits liability and risk on site, as a compromised gateway would not interact with the customer's local area network. Likewise, each gateway has a unique pairing code with cloud brokers, ensuring that a single gateway can be isolated and taken offline without affecting the solution as a whole.
Each gateway is provisioned with a smart SIM card that checks into an Everactive-specific carrier portal, allowing Everactive staff to confirm uptime and track the physical location of each gateway through GPS. If unexpected behavior is detected, the SIM card can be deactivated at any time by Everactive staff.
LAN Connectivity
Power & Cabling requirements:
Evergateways support Cat5e or better cabling; the throw distance to the nearest switch should be under 100 m. Power over Ethernet is compliant with IEEE 802.3af: 15.4 W at the source, with a maximum draw of 12.95 W at the client.
IP Addresses:
Evergateways support IPv4 addresses, either fixed or dynamically assigned via DHCP. IPv6 is not yet supported.
Firewall & Port Accessibility:
Evergateways need to be able to reach multiple servers (Brokers) under the domains:
data.everactive.com
data.psikick.com
Typical customer implementations include a firewall rule with a wildcard to permit access to all servers under these domains, such as:
*.data.everactive.com
*.data.psikick.com
Sensor data packets are sent via secure MQTT with standard TLS-based encryption, protecting the data in transit. The following TCP ports must be accessible:
secure-mqtt 8883
Gateway software updates and configuration are controlled via SaltStack. The TCP ports for SaltStack are:
saltstack 4505, 4506
Evergateways use NTP to ensure sensor data has an accurate timestamp. NTP ports:
ntp 123
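A way to check a customer egress allow-list against the requirements above, as an added example that is not Everactive code. The `(dst, proto, port)` rule format and the sample rule sets are hypothetical; it assumes the SaltStack ports target the same broker domains and that NTP runs over UDP to a destination the page does not specify.

```python
from fnmatch import fnmatchcase

# Required egress flows, from the page. Assumptions: the SaltStack ports go to
# the same broker domains, and NTP is UDP with no destination stated (None).
DOMAINS = ("*.data.everactive.com", "*.data.psikick.com")
REQUIRED = [(d, "tcp", p) for d in DOMAINS for p in (8883, 4505, 4506)]
REQUIRED.append((None, "udp", 123))

def covers(rule, need):
    """True if an allow rule (dst pattern, proto, port) permits the needed flow."""
    r_dst, r_proto, r_port = rule
    n_dst, n_proto, n_port = need
    if r_proto not in (n_proto, "any") or r_port not in (n_port, "any"):
        return False
    if n_dst is None:  # any destination rule satisfies it
        return True
    # Probe with a constructed hostname under the required wildcard.
    probe = n_dst.replace("*", "broker-constructed")
    return fnmatchcase(probe, r_dst.lower())

def audit(rules):
    """Return (required flows not permitted, allow rules broader than required)."""
    missing = [n for n in REQUIRED if not any(covers(r, n) for r in rules)]
    broad = [r for r in rules
             if "any" in r[1:] or (r[0] == "*" and r[1:] != ("udp", 123))]
    return missing, broad

# Constructed sample rule sets in a hypothetical (dst, proto, port) format.
WEAK = [("*", "any", "any")]
TIGHT = REQUIRED[:-1] + [("*", "udp", 123)]
PARTIAL = [("*.data.everactive.com", "tcp", 8883),
           ("*.data.everactive.com", "tcp", 4505),
           ("ntp.example.internal", "udp", 123)]

if __name__ == "__main__":
    for name, rules in (("WEAK", WEAK), ("TIGHT", TIGHT), ("PARTIAL", PARTIAL)):
        missing, broad = audit(rules)
        print(name, "missing:", missing, "over-broad:", broad)
```

The any/any rule passes every required flow but is reported as over-broad, while the partial set shows which broker flows a firewall would silently drop.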